© ISO 2000 – All rights reserved
23
Process validation should be carried out at appropriate intervals to ensure timely reaction to changes impacting the process. Particular attention should be given to validation of processes
— for high value and safety critical products, — where deficiency in product will only be apparent in use,
— which cannot be repeated, and — where verification of product is not possible.
The organization should implement a process for effective and efficient control of changes to ensure that product or process changes benefit the organization and satisfy the needs and expectations of interested parties. Changes
should be identified, recorded, evaluated, reviewed, and controlled in order to understand the effect on other processes and the needs and expectations of customers and other interested parties.
Any changes in the process affecting product characteristics should be recorded and communicated in order to maintain the conformity of the product and provide information for corrective action or performance improvement of
the organization. Authority for initiating change should be defined in order to maintain control.
Outputs in the form of products should be validated after any related change, to ensure that the change has had the desired effect.
Use of simulation techniques can also be considered in order to plan for prevention of failures or faults in processes. Risk assessment should be undertaken to assess the potential for, and the effect of, possible failures or faults in
processes. The results should be used to define and implement preventive actions to mitigate identified risks. Examples of tools for risk assessment include
— fault modes and effects analysis, — fault tree analysis,
— relationship diagrams, — simulation techniques, and
— reliability prediction.
7.2 Processes related to interested parties
Management should ensure that the organization has defined mutually acceptable processes for communicating effectively and efficiently with its customers and other interested parties. The organization should implement and
maintain such processes to ensure adequate understanding of the needs and expectations of its interested parties, and for translation into requirements for the organization. These processes should include identification and review
of relevant information and should actively involve customers and other interested parties. Examples of relevant process information include
— requirements of the customer or other interested parties, — market research, including sector and end-user data,
— contract requirements, — competitor analysis,
— benchmarking, and — processes due to statutory or regulatory requirements.
The organization should have a full understanding of the process requirements of the customer, or other interested party, before initiating its action to comply. This understanding and its impact should be mutually acceptable to the
participants.
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
24
© ISO 2000 – All rights reserved
7.3 Design and development
7.3.1 General guidance
Top management should ensure that the organization has defined, implemented and maintained the necessary design and development processes to respond effectively and efficiently to the needs and expectations of its
customers and other interested parties.
When designing and developing products or processes, management should ensure that the organization is not only capable of considering their basic performance and function, but all factors that contribute to meeting the product and
process performance expected by customers and other interested parties. For example, the organization should consider life cycle, safety and health, testability, usability, user-friendliness, dependability, durability, ergonomics, the
environment, product disposal and identified risks.
ISO 9001:2000, Quality management systems — Requirements
7.2 Customer-related processes
7.2.1 Determination of requirements related to the product
The organization shall determine a requirements specified by the customer, including the requirements for delivery and post-delivery activities,
b requirements not stated by the customer but necessary for specified or intended use, where known, c statutory and regulatory requirements related to the product, and
d any additional requirements determined by the organization.
7.2.2 Review of requirements related to the product
The organization shall review the requirements related to the product. This review shall be conducted prior to the organizations commitment to supply a product to the customer e.g. submission of tenders, acceptance of contracts
or orders, acceptance of changes to contracts or orders and shall ensure that
a product requirements are defined, b contract or order requirements differing from those previously expressed are resolved, and
c the organization has the ability to meet the defined requirements. Records of the results of the review and actions arising from the review shall be maintained.
Where the customer provides no documented statement of requirement, the customer requirements shall be confirmed by the organization before acceptance.
Where product requirements are changed, the organization shall ensure that relevant documents are amended and that relevant personnel are made aware of the changed requirements.
NOTE In some situations, such as internet sales, a formal review is impractical for each order. Instead the review can cover relevant product information such as catalogues, or advertising material.
7.2.3 Customer communication
The organization shall determine and implement effective arrangements for communicating with customers in relation to
a product information, b enquiries, contracts or order handling, including amendments, and
c customer feedback, including customer complaints.
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
© ISO 2000 – All rights reserved
25
Management also has the responsibility to ensure that steps are taken to identify and mitigate potential risk to the users of the products and processes of the organization. Risk assessment should be undertaken to assess the
potential for, and the effect of, possible failures or faults in products or processes. The results of the assessment should be used to define and implement preventive actions to mitigate the identified risks. Examples of tools for risk
assessment of design and development include
— design fault modes and effects analysis, — fault tree analysis,
— reliability prediction, — relationship diagrams,
— ranking techniques, and — simulation techniques.
7.3.2 Design and development input and output
The organization should identify process inputs that affect the design and development of products and facilitate effective and efficient process performance in order to satisfy the needs and expectations of customers, and those of
other interested parties. These external needs and expectations, coupled with those internal to the organization, should be suitable for translation into input requirements for the design and development processes.
Examples are as follows: a external inputs such as
— customer or marketplace needs and expectations, — needs and expectation of other interested parties,
— suppliers contributions, — user input to achieve robust design and development,
— changes in relevant statutory and regulatory requirements, — international or national standards, and
— industry codes of practice;
ISO 9001:2000, Quality management systems — Requirements
7.3 Design and development
7.3.1 Design and development planning
The organization shall plan and control the design and development of product. During the design and development planning the organization shall determine
a the design and development stages, b the review, verification and validation that are appropriate to each design and development stage, and
c the responsibilities and authorities for design and development. The organization shall manage the interfaces between different groups involved in design and development to
ensure effective communication and clear assignment of responsibility. Planning output shall be updated, as appropriate, as the design and development progresses.
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
26
© ISO 2000 – All rights reserved
b internal inputs such as — policies and objectives,
— needs and expectations of people in the organization, including those receiving the output of the process, — technological developments,
— competence requirements for people performing design and development, — feedback information from past experience,
— records and data on existing processes and products, and — outputs from other processes;
c inputs that identify those characteristics of processes or products that are crucial to safe and proper functioning and maintenance, such as
— operation, installation and application, — storage, handling and delivery,
— physical parameters and the environment, and — requirements for disposal of the products.
Product-related inputs based on an appreciation of the needs and expectations of end users, as well as those of the direct customer, can be important. Such inputs should be formulated in a way that permits the product to be verified
and validated effectively and efficiently.
The output should include information to enable verification and validation to planned requirements. Examples of the output of design and development include
— data demonstrating the comparison of process inputs to process outputs, — product specifications, including acceptance criteria,
— process specifications, — material specifications,
— testing specifications, — training requirements,
— user and consumer information, — purchase requirements, and
— reports of qualification tests. Design and development outputs should be reviewed against inputs to provide objective evidence that outputs have
effectively and efficiently met the requirements for the process and product.
ISO 9001:2000, Quality management systems — Requirements 7.3.2 Design and development inputs
Inputs relating to product requirements shall be determined and records maintained. These shall include a functional and performance requirements,
b applicable statutory and regulatory requirements, c where applicable, information derived from previous similar designs, and
d other requirements essential for design and development. These inputs shall be reviewed for adequacy. Requirements shall be complete, unambiguous and not in conflict with
each other.
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
© ISO 2000 – All rights reserved
27
7.3.3 Design and development review
Top management should ensure that appropriate people are assigned to manage and conduct systematic reviews to determine that design and development objectives are achieved. These reviews may be conducted at selected points
in the design and development process as well as at completion.
Examples of topics for such reviews include — adequacy of input to perform the design and development tasks,
— progress of the planned design and development process, — meeting verification and validation goals,
— evaluation of potential hazards or fault modes in product use, — life-cycle data on performance of the product,
— control of changes and their effect during the design and development process, — identification and correction of problems,
— opportunities for design and development process improvement, and — potential impact of the product on the environment.
At suitable stages, the organization should also undertake reviews of design and development outputs, as well as the processes, in order to satisfy the needs and expectations of customers and people within the organization who
receive the process output. Consideration should also be given to the needs and expectations of other interested parties.
Examples of verification activities for output of the design and development process include — comparisons of input requirements with the output of the process,
— comparative methods, such as alternative design and development calculations, — evaluation against similar products,
— testing, simulations or trials to check compliance with specific input requirements, and — evaluation against lessons learned from past process experience, such as nonconformities and deficiencies.
Validation of the output of the design and development processes is important for the successful reception and use by customers, suppliers, people in the organization and other interested parties.
7.3.3 Design and development outputs
The outputs of design and development shall be provided in a form that enables verification against the design and development input and shall be approved prior to release.
Design and development outputs shall a meet the input requirements for design and development,
b provide appropriate information for purchasing, production and for service provision, c contain or reference product acceptance criteria, and
d specify the characteristics of the product that are essential for its safe and proper use.
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
28
© ISO 2000 – All rights reserved
Participation by the affected parties permits the actual users to evaluate the output by such means as — validation of engineering designs prior to construction, installation or application,
— validation of software outputs prior to installation or use, and — validation of services prior to widespread introduction.
Partial validation of the design and development outputs may be necessary to provide confidence in their future application.
Sufficient data should be generated through verification and validation activities to enable design and development methods and decisions to be reviewed. The review of methods should include
— process and product improvement, — usability of output,
— adequacy of process and review records, — failure investigation activities, and
— future design and development process needs.
ISO 9001:2000, Quality management systems — Requirements 7.3.4 Design and development review
At suitable stages, systematic reviews of design and development shall be performed in accordance with planned arrangements
a to evaluate the ability of the results of design and development to meet requirements, and b to identify any problems and propose necessary actions.
Participants in such reviews shall include representatives of functions concerned with the design and development stages being reviewed. Records of the results of the reviews and any necessary actions shall be maintained.
7.3.5 Design and development verification
Verification shall be performed in accordance with planned arrangements to ensure that the design and development outputs have met the design and development input requirements. Records of the results of the
verification and any necessary actions shall be maintained.
7.3.6 Design and development validation
Design and development validation shall be performed in accordance with planned arrangements to ensure that the resulting product is capable of meeting the requirements for the specified application or intended use, when known.
Wherever practicable, validation shall be completed prior to the delivery or implementation of the product. Records of the results of validation and any necessary actions shall be maintained.
7.3.7 Control of design and development changes
Design and development changes shall be identified and records maintained. The changes shall be reviewed, verified and validated, as appropriate, and approved before implementation. The review of design and development
changes shall include evaluation of the effect of the changes on constituent parts and product already delivered.
Records of the results of the review of changes and any necessary actions shall be maintained.
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
© ISO 2000 – All rights reserved
29 7.4 Purchasing
7.4.1 Purchasing process
Top management of the organization should ensure that effective and efficient purchasing processes are defined and implemented for the evaluation and control of purchased products, in order that purchased products satisfy the
organizations needs and requirements, as well as those of interested parties.
Use of electronic linkage with suppliers should be considered in order to optimize communication of requirements. To ensure the effective and efficient performance of the organization, management should ensure that purchasing
processes consider the following activities: — timely, effective and accurate identification of needs and purchased product specifications;
— evaluation of the cost of purchased product, taking account of product performance, price and delivery; — the organizations need and criteria for verifying purchased products;
— unique supplier processes; — consideration of contract administration, for both supplier and partner arrangements;
— warranty replacement for nonconforming purchased products; — logistic requirements;
— product identification and traceability; — preservation of product;
— documentation, including records; — control of purchased product which deviates from requirements;
— access to suppliers premises; — product delivery, installation or application history;
— supplier development; — identification and mitigation of risks associated with the purchased product.
Requirements for suppliers processes and product specifications should be developed with suppliers in order to benefit from available supplier knowledge. The organization could also involve suppliers in the purchasing process in
relation to their products in order to improve the effectiveness and efficiency of the organizations purchasing process. This could also assist the organization in its control and availability of inventory.
The organization should define the need for records of purchased product verification, communication and response to nonconformities in order to demonstrate its own conformity to specification.
7.4.2 Supplier control process
The organization should establish effective and efficient processes to identify potential sources for purchased materials, to develop existing suppliers or partners, and to evaluate their ability to supply the required products in
order to ensure the effectiveness and efficiency of overall purchasing processes.
Examples of inputs to the supplier control process include — evaluation of relevant experience,
— performance of suppliers against competitors, — review of purchased product quality, price, delivery performance and response to problems,
— audits of supplier management systems and evaluation of their potential capability to provide the required products effectively and efficiently and within schedule,
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
30
© ISO 2000 – All rights reserved
— checking supplier references and available data on customer satisfaction, — financial assessment to assure the viability of the supplier throughout the intended period of supply and
cooperation, — supplier response to inquiries, quotations and tendering,
— supplier service, installation and support capability and history of performance to requirements, — supplier awareness of and compliance with relevant statutory and regulatory requirements,
— the suppliers logistic capability including locations and resources, and — the suppliers standing and role in the community, as well as perception in society.
Management should consider actions needed to maintain the organizations performance and to satisfy interested parties in the event of supplier failure.
ISO 9001:2000, Quality management systems — Requirements
7.4 Purchasing
7.4.1 Purchasing process
The organization shall ensure that purchased product conforms to specified purchase requirements. The type and extent of control applied to the supplier and the purchased product shall be dependent upon the effect of the
purchased product on subsequent product realization or the final product.
The organization shall evaluate and select suppliers based on their ability to supply product in accordance with the organizations requirements. Criteria for selection, evaluation and re-evaluation shall be established. Records of the
results of evaluations and any necessary actions arising from the evaluation shall be maintained.
7.4.2 Purchasing information
Purchasing information shall describe the product to be purchased, including where appropriate a requirements for approval of product, procedures, processes and equipment,
b requirements for qualification of personnel, and c quality management system requirements.
The organization shall ensure the adequacy of specified purchase requirements prior to their communication to the supplier.
7.4.3 Verification of purchased product
The organization shall establish and implement the inspection or other activities necessary for ensuring that purchased product meets specified purchase requirements.
Where the organization or its customer intends to perform verification at the suppliers premises, the organization shall state the intended verification arrangements and method of product release in the purchasing information.
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
© ISO 2000 – All rights reserved
31 7.5 Production and service operations
7.5.1 Operation and realization
Top management should go beyond control of the realization processes in order to achieve both compliance with requirements and provide benefits to interested parties. This may be achieved through improving the effectiveness
and efficiency of the realization processes and associated support processes, such as
— reducing waste, — training of people,
— communicating and recording information, — developing supplier capability,
— improving infrastructure, — preventing problems,
— processing methods and process yield, and — methods of monitoring.
ISO 9001:2000, Quality management systems — Requirements
7.5 Production and service provision
7.5.1 Control of production and service provision
The organization shall plan and carry out production and service provision under controlled conditions. Controlled conditions shall include, as applicable
a the availability of information that describes the characteristics of the product, b the availability of work instructions, as necessary,
c the use of suitable equipment, d the availability and use of monitoring and measuring devices,
e the implementation of monitoring and measurement, and f
the implementation of release, delivery and post-delivery activities.
7.5.2 Validation of processes for production and service provision
The organization shall validate any processes for production and service provision where the resulting output cannot be verified by subsequent monitoring or measurement. This includes any processes where deficiencies
become apparent only after the product is in use or the service has been delivered.
Validation shall demonstrate the ability of these processes to achieve planned results. The organization shall establish arrangements for these processes including, as applicable
a defined criteria for review and approval of the processes, b approval of equipment and qualification of personnel,
c use of specific methods and procedures, d requirements for records, and
e revalidation.
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
32
© ISO 2000 – All rights reserved
7.5.2 Identification and traceability
The organization can establish a process for identification and traceability that goes beyond the requirements in order to collect data which can be used for improvement.
The need for identification and traceability may arise from — status of products, including component parts,
— status and capability of processes, — benchmarking performance data, such as marketing,
— contract requirements, such as product recall capability, — relevant statutory and regulatory requirements,
— intended use or application, — hazardous materials, and
— mitigation of identified risks.
7.5.3 Customer property
The organization should identify responsibilities in relation to property and other assets owned by customers and other interested parties and under the control of the organization, in order to protect the value of the property.
Examples of such property are
— ingredients or components supplied for inclusion in a product, — product supplied for repair, maintenance or upgrading,
— packaging materials supplied directly by the customer, — customer materials handled by service operations such as storage,
— services supplied on behalf of the customer, such as transport of customer property to a third party, and — customer intellectual property, including specifications, drawings and proprietary information.
ISO 9001:2000, Quality management systems — Requirements 7.5.3 Identification and traceability
Where appropriate, the organization shall identify the product by suitable means throughout product realization. The organization shall identify the product status with respect to monitoring and measurement requirements.
Where traceability is a requirement, the organization shall control and record the unique identification of the product. NOTE In some industry sectors, configuration management is a means by which identification and traceability are maintained.
ISO 9001:2000, Quality management systems — Requirements 7.5.4 Customer property
The organization shall exercise care with customer property while it is under the organizations control or being used by the organization. The organization shall identify, verify, protect and safeguard customer property provided for use
or incorporation into the product. If any customer property is lost, damaged or otherwise found to be unsuitable for use, this shall be reported to the customer and records maintained.
NOTE Customer property can include intellectual property.
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
© ISO 2000 – All rights reserved
33
7.5.4 Preservation of product
Management should define and implement processes for handling, packaging, storage, preservation and delivery of product that prevent damage, deterioration or misuse during internal processing and final delivery of the product.
Management should involve suppliers and partners in defining and implementing effective and efficient processes to protect purchased material.
Management should consider the need for any special requirements arising from the nature of the product. Special requirements can be associated with software, electronic media, hazardous materials, products requiring special
people for service, installation or application, and products or materials that are unique or irreplaceable.
Management should identify resources needed to maintain the product throughout its life cycle to prevent damage, deterioration or misuse. The organization should communicate information to the interested parties involved about
the resources and methods needed to preserve the intended use of the product throughout its life cycle.
7.6 Control of measuring and monitoring devices
Management should define and implement effective and efficient measuring and monitoring processes, including methods and devices for verification and validation of products and processes to ensure the satisfaction of customers
and other interested parties. These processes include surveys, simulations, and other measurement and monitoring activities.
In order to provide confidence in data, the measuring and monitoring processes should include confirmation that the devices are fit for use and are maintained to suitable accuracy and accepted standards, as well as a means of
identifying the status of the devices.
The organization should consider means to eliminate potential errors from processes, such as fool-proofing, for verification of process outputs in order to minimize the need for control of measuring and monitoring devices, and to
add value for interested parties.
ISO 9001:2000, Quality management systems — Requirements 7.5.5 Preservation of product
The organization shall preserve the conformity of product during internal processing and delivery to the intended destination. This preservation shall include identification, handling, packaging, storage and protection. Preservation
shall also apply to the constituent parts of a product.
ISO 9001:2000, Quality management systems — Requirements
7.6 Control of monitoring and measuring devices
The organization shall determine the monitoring and measurement to be undertaken and the monitoring and measuring devices needed to provide evidence of conformity of product to determined requirements.
The organization shall establish processes to ensure that monitoring and measurement can be carried out and are carried out in a manner that is consistent with the monitoring and measurement requirements.
Where necessary to ensure valid results, measuring equipment shall a be calibrated or verified at specified intervals or prior to use, against measurement standards traceable to
international or national measurement standards; where no such standards exist, the basis used for calibration or verification shall be recorded;
b be adjusted or re-adjusted as necessary; c be identified to enable calibration status to be determined;
d be safeguarded from adjustments that would invalidate the measurement result; e be protected from damage and deterioration during handling, maintenance and storage.
Licensed to PROXSEE LLCCAHYONO NUGROHO ISO Store order :849562Downloaded:2007-09-22
Single user licence only, copying and networking prohibited
34
© ISO 2000 – All rights reserved
8 Measurement, analysis and improvement
8.1 General guidance
